9.8
CVE-2020-36832 - Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user I…
8.8
CVE-2021-4450 - Post Grid <= 2.1.12 - Contributor+ SQL Injection
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated atta…
6.4
CVE-2024-9582 - Accordion Slider <= 1.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Attri…
The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'html' attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Co…
4.9
CVE-2020-36835 - Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote lo…
8.3
CVE-2017-20192 - Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att…
9.9
CVE-2020-36837 - ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there …
7.5
CVE-2024-8746 - File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if gra…
6.1
CVE-2022-4971 - Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for …
8.8
CVE-2020-36836 - WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrar…
7.3
CVE-2019-25215 - ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of…